Astra Linux – Vulnerability in Golang 1.19, Golang 1.23

A discrepancy in how Go and C/C++ comments are parsed allowed for code to be smuggled into the resulting cgo binary...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

OESA-2026-2250 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing...

OESA-2026-2249 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

OESA-2026-2248 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

OESA-2026-2247 golang security update

. Security Fixes: SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass.CVE-2026-27140 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1593)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1593 advisory. SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time in the Go toolchain cmd/go due to trust layer bypass...

cmd/go: golang: Go (golang) and cmd/go: Arbitrary Code Execution via malicious SWIG file names

A flaw was found in the Go programming language golang and its command-line tool cmd/go. A remote attacker could exploit this during the build process by crafting malicious SWIG Simplified Wrapper and Interface Generator file names that contain "cgo" and specific payloads. This could lead to code...

PT-2026-32418

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

Linux Distros Unpatched Vulnerability : CVE-2026-27140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

SUSE CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

UBUNTU-CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

EUVD-2026-20002

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...

CVE-2026-27140

SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass...